Vulnerabilities (CVE)

Filtered by CWE-94
Total 6442 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2010-0020 1 Microsoft 6 Windows 2000, Windows 2003 Server, Windows 7 and 3 more 2026-06-16 9.0 HIGH N/A
The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate request fields, which allows remote authenticated users to execute arbitrary code via a malformed request, aka "SMB Pathname Overflow Vulnerability."
CVE-2010-0019 2 Apple, Microsoft 3 Mac Os X, Silverlight, Windows 2026-06-16 9.3 HIGH N/A
Microsoft Silverlight 3 before 3.0.50611.0 on Windows, and before 3.0.41130.0 on Mac OS X, does not properly handle pointers, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and framework outage) via a crafted web site, aka "Microsoft Silverlight Memory Corruption Vulnerability."
CVE-2009-5097 1 Hp 1 Palm Pre Webos 2026-06-16 7.1 HIGH N/A
Palm Pre WebOS 1.1 and earlier processes JavaScript in email messages, which allows remote attackers to execute arbitrary JavaScript, as demonstrated by reading PalmDatabase.db3.
CVE-2009-5095 1 Ea-style 1 Gbook 2026-06-16 6.8 MEDIUM N/A
PHP remote file inclusion vulnerability in index_inc.php in ea gBook 0.1 and 0.1.4 allows remote attackers to execute arbitrary PHP code via a URL in the inc_ordner parameter.
CVE-2009-4993 1 Script-shop24 1 Lm Starmail Paidmail 2026-06-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in home.php in LM Starmail Paidmail 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
CVE-2009-4977 1 Tufat 1 Mybackup 2026-06-16 6.5 MEDIUM N/A
PHP remote file inclusion vulnerability in index.php in MyBackup 1.4.0 allows remote authenticated users to execute arbitrary PHP code via a URL in the main_content parameter.
CVE-2009-4928 1 Sweetphp 1 Totalcalendar 2026-06-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in config.php in TotalCalendar 2.4 allows remote attackers to execute arbitrary PHP code via a URL in the inc_dir parameter, a different vector than CVE-2006-1922 and CVE-2006-7055.
CVE-2009-4887 1 Sbuilder 1 Cms S.builder 2026-06-16 6.8 MEDIUM N/A
PHP remote file inclusion vulnerability in index.php in CMS S.Builder 3.7 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in a binn_include_path cookie. NOTE: this can also be leveraged to include and execute arbitrary local files.
CVE-2009-4836 1 Moviephp 1 Movie Php Script 2026-06-16 7.5 HIGH N/A
Eval injection vulnerability in system/services/init.php in Movie PHP Script 2.0 allows remote attackers to execute arbitrary PHP code via the anticode parameter.
CVE-2009-4834 1 Xpressengine 1 Zeroboard 2026-06-16 6.8 MEDIUM N/A
lib.php in Zeroboard 4.1 pl7 allows remote attackers to execute arbitrary PHP code via a crafted parameter name, possibly related to now_connect.php.
CVE-2009-4793 1 Karl Core 1 Bandsite Cms 2026-06-16 6.0 MEDIUM N/A
Unrestricted file upload vulnerability in adminpanel/scripts/addphotos.php in BandSite CMS 1.1.4 allows remote authenticated administrators to execute arbitrary PHP code by uploading a file with an executable extension via an addphotos action to adminpanel/index.php, and then accessing the file via a direct request with an images/gallery/ directory name. NOTE: some of these details are obtained from third party information.
CVE-2009-4789 2 Joomla, Mojoblog 2 Joomla, Mojoblog 2026-06-16 7.5 HIGH N/A
Multiple PHP remote file inclusion vulnerabilities in the MojoBlog component RC 0.15 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) wp-comments-post.php and (2) wp-trackback.php.
CVE-2009-4779 1 Robert Garrigos 1 Nukehall 2026-06-16 7.5 HIGH N/A
Multiple PHP remote file inclusion vulnerabilities in NukeHall 0.3 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter to (1) blocks.php, (2) messages.php, and (3) stories.php in admin/modules/.
CVE-2009-4768 1 Blizzard 1 Warcraft 3 The Frozen Throne 2026-06-16 9.3 HIGH N/A
Unspecified vulnerability in the JASS script interpreter in Warcraft III: The Frozen Throne 1.24b and earlier allows user-assisted remote attackers to execute arbitrary code via a crafted custom map. NOTE: some of these details are obtained from third party information.
CVE-2009-4764 2 Adobe, Microsoft 2 Acrobat Reader, Windows 2026-06-16 9.3 HIGH N/A
Adobe Reader 8.x and 9.x on Windows is able to execute EXE files that are embedded in a PDF document, which makes it easier for remote attackers to trick users into executing arbitrary code via a crafted document.
CVE-2009-4752 1 Phppower 1 Swinger Club Portal 2026-06-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in anzeiger/start.php in Swinger Club Portal allows remote attackers to execute arbitrary PHP code via a URL in the go parameter.
CVE-2009-4750 1 Phppower 1 Top Paidmailer 2026-06-16 6.8 MEDIUM N/A
PHP remote file inclusion vulnerability in home.php in Top Paidmailer allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
CVE-2009-4747 1 Tecnick 1 Aiocp 2026-06-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in public/code/cp_html2xhtmlbasic.php in All In One Control Panel (AIOCP) 1.4.001 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter, a different vector than CVE-2009-3220.
CVE-2009-4739 1 Skadate 1 Skadate Online Dating Software 2026-06-16 6.8 MEDIUM N/A
PHP remote file inclusion vulnerability in index.php in SkaDate Dating allows remote attackers to execute arbitrary PHP code via a URL in the language_id parameter. NOTE: this can also be leveraged to include and execute arbitrary local files via directory traversal sequences.
CVE-2009-4693 1 Grafxsoftware 1 Minicwb 2026-06-16 7.5 HIGH N/A
Multiple PHP remote file inclusion vulnerabilities in GraFX MiniCWB 2.3.0 allow remote attackers to execute arbitrary PHP code via a URL in the LANG parameter to (1) en.inc.php, (2) hu.inc.php, (3) no.inc.php, (4) ro.inc.php, and (5) ru.inc.php in language/.